php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #72972 Bad filter for the flags FILTER_FLAG_NO_RES_RANGE and FILTER_FLAG_NO_PRIV_RANGE
Submitted: 2016-08-30 12:58 UTC Modified: 2016-09-08 22:23 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: mrowiec dot adam at gmail dot com Assigned: cmb (profile)
Status: Closed Package: filter (PECL)
PHP Version: 5.6.25 OS: Linux
Private report: No CVE-ID: None
 [2016-08-30 12:58 UTC] mrowiec dot adam at gmail dot com
Description:
------------
You made the bug in the commit:

https://github.com/php/php-src/commit/6fc7817558db2016b160277e410381f286fe127a


Because, You have bad ranges for the flags in IPv4.

FILTER_FLAG_NO_RES_RANGE - Range reserved by protocol:

0.0.0.0/8
240.0.0.0/4
127.0.0.0/8
169.254.0.0/16

This filter should return false only for this ranges

FILTER_FLAG_NO_PRIV_RANGE - Range use for private network:

10.0.0.0/8
172.16.0.0/12
192.168.0.0/16

This filter should return false only for this ranges

Look in rfc6890:

https://tools.ietf.org/html/rfc6890

And your documentation is not actual:

http://www.php.net/filter.filters.flags

Test script:
---------------
var_dump(filter_var('192.168.0.1', FILTER_VALIDATE_IP, FILTER_FLAG_IPV4 | FILTER_FLAG_NO_RES_RANGE));
var_dump(filter_var('169.254.0.1', FILTER_VALIDATE_IP, FILTER_FLAG_IPV4 | FILTER_FLAG_NO_PRIV_RANGE));

Expected result:
----------------
string(11) "192.168.0.1"
string(11) "169.254.0.1"

Actual result:
--------------
bool(false)
bool(false)

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2016-08-31 16:51 UTC] cmb@php.net
-Assigned To: +Assigned To: jpauli
 [2016-08-31 16:51 UTC] cmb@php.net
The reasoning is explained in the respective PR, see
<https://github.com/php/php-src/pull/1954#issue-162266976>.

Julien, do we stick with this? If so, please re-classify as doc
bug, and assign to me.
 [2016-09-01 08:37 UTC] jpauli@php.net
Please, have a look at https://github.com/jpauli/php-src/commit/3b47ad7b835aaae547bbbfe749d19485ec0c5046 and tell me if it is all right to you
 [2016-09-01 19:43 UTC] mrowiec dot adam at gmail dot com
Yes, I thing that it is all right
 [2016-09-02 08:15 UTC] jpauli@php.net
Please have a look at https://github.com/php/php-src/pull/2113  with tests.

Tell me if it is OK
 [2016-09-04 10:10 UTC] mrowiec dot adam at gmail dot com
FILTER_FLAG_NO_PRIV_RANGE - is OK
FILTER_FLAG_NO_RES_RANGE  - is OK
 [2016-09-05 08:13 UTC] jpauli@php.net
Automatic comment on behalf of jpauli
Revision: http://git.php.net/?p=php-src.git;a=commit;h=9834978a8b80dace62adfc82b41918dc239e9e85
Log: Fix #72972, Bad filter for the flags FILTER_FLAG_NO_RES_RANGE and FILTER_FLAG_NO_PRIV_RANGE
 [2016-09-05 08:13 UTC] jpauli@php.net
-Status: Assigned +Status: Closed
 [2016-09-05 08:15 UTC] jpauli@php.net
Just merged that
 [2016-09-08 08:44 UTC] jpauli@php.net
-Status: Closed +Status: Re-Opened -Type: Bug +Type: Documentation Problem -Assigned To: jpauli +Assigned To: cmb
 [2016-09-08 08:44 UTC] jpauli@php.net
Doc for FILTER_FLAG_NO_RES_RANGE needs an update
 [2016-09-08 11:47 UTC] cmb@php.net
-Status: Re-Opened +Status: Closed
 [2016-09-08 11:47 UTC] cmb@php.net
I have updated the FILTER_FLAG_NO_(RES|PRIV)_RANGE docs to what
these constants should do[1]. That is also what the implementation
currently does, except for FILTER_FLAG_NO_RES_RANGE for IPv6
addresses. This still implements RFC 5156[2] which has, however,
been obsoleted by RFC 6890[3]. I'll open a new ticket wrt. this
issue.

[1] <http://svn.php.net/viewvc?view=revision&revision=340004>
[2] <https://tools.ietf.org/html/rfc5156>
[3] <https://tools.ietf.org/html/rfc6890>
 [2016-09-08 19:33 UTC] mrowiec dot adam at gmail dot com
thank you. Good work
 [2016-09-08 22:23 UTC] cmb@php.net
-Type: Documentation Problem +Type: Bug
 [2016-09-08 22:23 UTC] cmb@php.net
Thanks to you for reporting the issue!
 [2016-10-17 10:08 UTC] bwoebi@php.net
Automatic comment on behalf of jpauli
Revision: http://git.php.net/?p=php-src.git;a=commit;h=9834978a8b80dace62adfc82b41918dc239e9e85
Log: Fix #72972, Bad filter for the flags FILTER_FLAG_NO_RES_RANGE and FILTER_FLAG_NO_PRIV_RANGE
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Tue Mar 19 06:01:30 2024 UTC